Version 3 - History - ipsec - strongSwan

ipsec » History » Version 3

Martin Willi, 29.09.2007 13:55
added explanations for the control commands

-Martin Willi
+= ipsec =
 Martin Willi
-Martin Willi
+'''ipsec''' is actually an umbrella command comprising a collection of individual sub commands of the form
 Martin Willi
-Martin Willi
+  '''ipsec ''<command>'' [ ''<argument>'' ]  [ ''<options>'' ]'''
 Martin Willi
-Martin Willi
+that can be used to control and monitor IPsec connections as well as the IKE daemons.
 Martin Willi
-Martin Willi
+== Control Commands ==
 Martin Willi
-Martin Willi
+'''ipsec start [ ''<starter options>'' ]'''
-Martin Willi
+   calls [wiki:IpsecStarter ipsec starter] which in turn parses [wiki:IpsecConf ipsec.conf] and starts
-Martin Willi
+   the IKEv1 pluto and IKEv2 charon daemons.
 Martin Willi
-Martin Willi
+'''ipsec stop'''
-Martin Willi
+   terminates all IPsec connection and stops the IKEv1 pluto and IKEv2 charon daemons by sending
-Martin Willi
+   a ''TERM'' signal to [wiki:IpsecStarter ipsec starter].
 Martin Willi
-Martin Willi
+'''ipsec restart [ ''<starter options>'' ]'''
-Martin Willi
+   is equivalent to '''ipsec stop''' followed by '''ipsec start [ ''<starter options>'' ]''' after a
-Martin Willi
+   guard period of 2 seconds.
 Martin Willi
-Martin Willi
+'''ipsec update'''
-Martin Willi
+   sends a ''HUP'' signal to [wiki:IpsecStarter ipsec starter] which in turn determines any changes
-Martin Willi
+   in[wiki:IpsecConf ipsec.conf] and updates the configuration on the running IKEv1 pluto and IKEv2
-Martin Willi
+   charon daemons, correspondingly.
 Martin Willi
-Martin Willi
+'''ipsec reload'''
-Martin Willi
+   sends a ''USR1'' signal to [wiki:IpsecStarter ipsec starter] which in turn reloads the
-Martin Willi
+   whole configuration on the running IKEv1 pluto and IKEv2 charon daemons based on the actual
-Martin Willi
+   [wiki:IpsecConf ipsec.conf].
 Martin Willi
-Martin Willi
+'''ipsec up  ''<name>'' '''
-Martin Willi
+   tells the responsible IKE daemon to start up connection ''<name>''.
 Martin Willi
-Martin Willi
+'''ipsec down  ''<name>'' '''
-Martin Willi
+   tells the responsible IKE daemon to terminate connection ''<name>''.
 Martin Willi
-Martin Willi
+'''ipsec route  ''<name>'' '''
-Martin Willi
+   tells the responsible IKE daemon to insert an IPsec policy in the kernel for connection ''<name>''.
-Martin Willi
+   The first payload packet matching the IPsec policy will automatically trigger an IKE connection setup.
 Martin Willi
-Martin Willi
+'''ipsec unroute  ''<name>'' '''
-Martin Willi
+   remove the IPsec policy in the kernel for connection ''<name>''.
 Martin Willi
-Martin Willi
+'''ipsec status [ ''<name>'' ] '''
-Martin Willi
+   returns concise status information either on connection ''<name>'' or if the argument is lacking,
-Martin Willi
+   on all connections.
 Martin Willi
-Martin Willi
+'''ipsec statusall [ ''<name>'' ] '''
-Martin Willi
+   returns detailed status information either on connection ''<name>'' or if the argument is lacking,
-Martin Willi
+   on all connections.
 Martin Willi
-Martin Willi
+== Info Commands ==
 Martin Willi
-Martin Willi
+'''ipsec version'''
 Martin Willi
-Martin Willi
+'''ipsec copyright'''
 Martin Willi
-Martin Willi
+'''ipsec --versioncode'''
 Martin Willi
-Martin Willi
+'''ipsec --directory'''
 Martin Willi
-Martin Willi
+'''ipsec --confdir'''
 Martin Willi
-Martin Willi
+== List Commands ==
 Martin Willi
-Martin Willi
+'''ipsec listaacerts [ --utc ]'''
 Martin Willi
-Martin Willi
+'''ipsec listacerts [ --utc ]'''
 Martin Willi
-Martin Willi
+'''ipsec listalgs'''
-Martin Willi
+   lists all registered IKE and ESP encryption and authentication algorithms as well as the supported Diffie-Hellman groups.
-Martin Willi
+   Supported by the IKEv1 pluto daemon only.
 Martin Willi
-Martin Willi
+'''ipsec listcacerts [ --utc ]'''
 Martin Willi
-Martin Willi
+'''ipsec listcainfos [ --utc ]'''
 Martin Willi
-Martin Willi
+'''ipsec listcards [ --utc ]'''
-Martin Willi
+   lists all certificates found on attached smart cards.
-Martin Willi
+   Supported by the IKEv1 pluto daemon only.
 Martin Willi
-Martin Willi
+'''ipsec listcrls [ --utc ]'''
 Martin Willi
-Martin Willi
+'''ipsec listcerts [ --utc ]'''
 Martin Willi
-Martin Willi
+'''ipsec listgroups [ --utc ]'''
 Martin Willi
-Martin Willi
+'''ipsec listocsp [ --utc ]'''
 Martin Willi
-Martin Willi
+'''ipsec listocspcerts [ --utc ]'''
 Martin Willi
-Martin Willi
+'''ipsec listpubkeys [ --utc ]'''
-Martin Willi
+   lists the cached RSA public keys.
-Martin Willi
+   Supported by the IKEv1 pluto daemon only.
 Martin Willi
-Martin Willi
+'''ipsec listall [ --utc ]'''
 Martin Willi
-Martin Willi
+== Reread Commands ==
 Martin Willi
-Martin Willi
+'''ipsec rereadaacerts'''
 Martin Willi
-Martin Willi
+'''ipsec rereadacerts'''
 Martin Willi
-Martin Willi
+'''ipsec rereadcacerts'''
 Martin Willi
-Martin Willi
+'''ipsec rereadcrls'''
 Martin Willi
-Martin Willi
+'''ipsec rereadocspcerts'''
 Martin Willi
-Martin Willi
+'''ipsec rereadsecrets'''
 Martin Willi
-Martin Willi
+'''ipsec secrets'''
-Martin Willi
+   is equivalent to '''ipsec rereadsecrets'''.
 Martin Willi
-Martin Willi
+'''ipsec rereadall'''
 Martin Willi
-Martin Willi
+== Purge Commands ==
 Martin Willi
-Martin Willi
+'''ipsec purgeocsp'''
 Martin Willi
-Martin Willi
+== PKCS11 Proxy Commands ==
 Martin Willi
-Martin Willi
+'''ipsec scencrypt'''
 Martin Willi
-Martin Willi
+'''ipsec scdecrypt'''

Project

General

Profile

strongSwan

ipsec » History » Version 3